auto-review-loop-llm

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Finding categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Transmits research context, claims, and method details to external LLM providers such as OpenAI, DeepSeek, SiliconFlow, and others for automated review.
  • [COMMAND_EXECUTION]: Employs the Bash(*) tool to implement suggested improvements and handle large file writes.
  • [COMMAND_EXECUTION]: Instructs the agent to perform certain file-writing operations silently using Bash if standard tools fail, specifically directing the agent to bypass user confirmation.
  • [PROMPT_INJECTION]: Susceptible to indirect prompt injection as the skill is designed to autonomously implement code changes or project modifications based on the raw, unvalidated responses from external third-party APIs.
  • Ingestion points: Processes raw responses from external LLM APIs (Phase B) and handles project research context (Phase A).
  • Boundary markers: Lacks explicit delimiters or instructions to ignore embedded malicious prompts within the external LLM feedback.
  • Capability inventory: The skill possesses extensive capabilities through Bash(*), Write, Edit, Agent, and Skill tools.
  • Sanitization: No validation or sanitization of the reviewer's feedback is performed before the agent attempts to implement the suggested fixes.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 03:14 AM